Sr IT Security Engineer (C6) Level 3

1. Protect and maintain the confidentiality of all documents, data, and proprietary information.

2. Work independently on assigned tasks while providing expert advice and technical support to the project team.

3. Return all DND materials and property upon completion of the contract or specific tasks.

4. Safeguard all documentation and sensitive materials in secure facilities or locked cabinets.

5. Participate in meetings, working groups, technical reviews, consultations, teleconferences, and coordination sessions with internal and external stakeholders, as directed by the Technical Authority.

6. Develop and maintain detailed work plans, schedules, and progress tracking for assigned deliverables.

7. Review, analyze, and apply IT and network security concepts, including but not limited to:

a. Directory standards (e.g., X.400, X.500, SMTP).

b. Operating systems (e.g., Microsoft Windows, Unix, Linux, Novell).

c. Networking protocols (e.g., HTTP, FTP, Telnet).

a. Secure IT architecture fundamentals, communications, and security protocols (e.g., IPSec, IPv6, SSL, SSH).

b. IT security protocols at all layers of the Open Systems Interconnection (OSI) and Transmission Control Protocol/Internet Protocol (TCP/IP) stacks.

c. Domain Name Services (DNS) and Network Time Protocols (NTP).

d. Network routers, multiplexers, and switches.

e. Application, host, and network hardening and security best practices (e.g., shell scripting, service identification, access control).

f. Intrusion detection and prevention systems, malicious code defence, file integrity, enterprise security management, and firewalls.

g. Wireless technologies; and

h. Cryptographic algorithms.

1. Threat, Vulnerability & Security Configuration Management.

a. Identify and assess technical threats and vulnerabilities affecting networks, systems, and applications.

b. Manage and maintain IT security configurations and ensure alignment with departmental standards and policies.

2. Security Analytics, Reporting & Technical Documentation.

a. Evaluate and apply IT security tools and techniques, analyze collected security data, and produce advisories, assessments, and statistical reports.

b. Prepare technical documentation and reports, including IT security solution option analyses, implementation plans, and recommendations.

1. Independent Verification & Validation (IV&V), Audits & Continuity Assurance

a. Provide Independent Verification and Validation (IV&V) support to IT security projects, including:

b. Conducting IT security audits, assessments, and related documentation.

c. Reviewing contingency, business continuity, and disaster recovery plans; and

d. Designing, developing, and executing IT security tests, evaluations, and exercises to validate system integrity.

2. Develop and deliver training materials, briefings, and awareness sessions relevant to IT security engineering.